This is an automated email from the ASF dual-hosted git repository. alexey pushed a commit to branch master in repository https://gitbox.apache.org/repos/asf/kudu.git
commit 995c9a76cc4aaeb7e91b0f894a13e5d1ac1f8fe4 Author: Alexey Serbin <[email protected]> AuthorDate: Fri Feb 7 16:20:14 2020 -0800 [clock] declare 'system_unsync' time source as unsafe Since it's now possible to run Kudu clusters with the 'system_unsync' time source, it makes sense to build a guardrail to prevent selecting 'system_unsync' for --time_source unless unsafe flags are enabled (i.e. --unlock_unsafe_flags set). This is to prevent using unsynchronized local clocks in production clusters. While I'm here, I did the same for the 'mock' time source: it's targeted for tests only. Change-Id: I26e7cb8185a7a01bcc397a582572bfaa0d28b3b4 Reviewed-on: http://gerrit.cloudera.org:8080/15188 Tested-by: Kudu Jenkins Reviewed-by: Adar Dembo <[email protected]> --- src/kudu/client/client_examples-test.sh | 2 ++ src/kudu/clock/hybrid_clock.cc | 21 +++++++++++++++++++++ 2 files changed, 23 insertions(+) diff --git a/src/kudu/client/client_examples-test.sh b/src/kudu/client/client_examples-test.sh index a495e08..3f80d97 100755 --- a/src/kudu/client/client_examples-test.sh +++ b/src/kudu/client/client_examples-test.sh @@ -158,6 +158,7 @@ MASTER_RPC_PORT=7051 mkdir -p "$BASE_DIR/master/logs" "$OUTPUT_DIR/kudu-master" \ --unlock_experimental_flags \ + --unlock_unsafe_flags \ --default_num_replicas=1 \ --log_dir="$BASE_DIR/master/logs" \ --fs_wal_dir="$BASE_DIR/master/wals" \ @@ -172,6 +173,7 @@ TSERVER_RPC_PORT=7050 mkdir -p "$BASE_DIR/ts/logs" "$OUTPUT_DIR/kudu-tserver" \ --unlock_experimental_flags \ + --unlock_unsafe_flags \ --heartbeat_interval_ms=200 \ --heartbeat_rpc_timeout_ms=1000 \ --log_dir="$BASE_DIR/ts/logs" \ diff --git a/src/kudu/clock/hybrid_clock.cc b/src/kudu/clock/hybrid_clock.cc index 1f80af7..459d605 100644 --- a/src/kudu/clock/hybrid_clock.cc +++ b/src/kudu/clock/hybrid_clock.cc 
@@ -37,6 +37,7 @@
 #include "kudu/gutil/strings/substitute.h"
 #include "kudu/util/debug/trace_event.h"
 #include "kudu/util/flag_tags.h"
+#include "kudu/util/flag_validators.h"
 #include "kudu/util/logging.h"
 #include "kudu/util/metrics.h"
 #include "kudu/util/monotime.h"
@@ -96,6 +97,26 @@ DEFINE_int32(ntp_initial_sync_wait_secs, 60,
 TAG_FLAG(ntp_initial_sync_wait_secs, advanced);
 TAG_FLAG(ntp_initial_sync_wait_secs, evolving);
+DECLARE_bool(unlock_unsafe_flags);
+
+// This group flag validator is a guardrail to help using proper time source
+// in production.
+//
+// The validator makes it necessary to explicitly enable unsafe flags
+// (i.e. set the --unlock_unsafe_flags flag to 'true') if configuring
+// --time_source to be 'system_unsync' or 'mock': these timesources are for
+// experimental and test clusters only.
+bool ValidateTimeSource() {
+ if ((FLAGS_time_source == "system_unsync" ||
+ FLAGS_time_source == "mock") && !FLAGS_unlock_unsafe_flags) {
+ LOG(ERROR) << "--unlock_unsafe_flags should be set if configuring "
+ "--time_source to be 'system_unsync' or 'mock'";
+ return false;
+ }
+ return true;
+}
+GROUP_FLAG_VALIDATOR(time_source_guardrail, ValidateTimeSource);
+
 METRIC_DEFINE_gauge_uint64(server, hybrid_clock_timestamp,
 "Hybrid Clock Timestamp",
 kudu::MetricUnit::kMicroseconds,
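Review bot: `ValidateTimeSource()` matches `FLAGS_time_source` with an exact, case-sensitive `==`, so the guardrail only holds if the code that actually selects the time source compares the value the same way; that code is outside this hunk. If selection there is case-insensitive or otherwise normalises the string, a differently-cased spelling of the same source would pass this validator without `--unlock_unsafe_flags`. Consider routing both the validator and the selection code through one shared comparison helper, and add a short comment above the `if` such as `// Must mirror the matching rules used when --time_source is parsed.` It would also help operators if the error named the rejected value, e.g. `LOG(ERROR) << "--time_source=" << FLAGS_time_source << " requires --unlock_unsafe_flags";`.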
